Application No. 10/678,910 



Attorney Docket No. AOL0091 



Status of the Claims 

1. (Currently Amended) [[An identity based service]] A system, comprising:

at least one [[principal]] first entity comprising any of a user, a user agent and
a principal [[at least one identity comprising user information]];

[[a basic]] an authentication agency [[for managing at least one identity for the
principal, and for authenticating the principal]];

means for sending a login request from the first entity to the authentication
agency;

means for receiving an assertion at the first entity from the authentication
agency in response to the log in request;

means for authenticating the first entity at a participant with the received
assertion;

means for sending a request for service on behalf of the first entity from a
second entity comprising any of the participant and a service consumer
associated with the participant to any of the authentication agency and a
discovery service associated with the authentication agency, using the assertion;
and

means for an sending an authorization from the [[a system entity which is
accessible by the principal, based on an authentication of the principal by the
basic]] authentication agency to the second entity for the requested service in
response to the sent request if the first entity is enabled for the requested
service[[, and based on retrieval of at least a portion of user information from the
basic authentication agency]].

2. (Currently Amended) The [[identity based service]] system of Claim 1, further
comprising:

at least one identity associated with the first entity, and user information
associated with at least one of the identities; and

at least one core service associated with the system and related to at least
a portion of the user information.

3. (Currently Amended) The [[identity based service]] system of Claim 2, wherein
the core service is accessible by the first entity [[user, based on an authentication
of the principal by the basic authentication agency]].

4. (Currently Amended) The [[identity based service]] system of Claim 2, wherein
the core service is accessible by the participant [[system entity, based on an
authentication of the principal by the basic authentication agency]].

5. (Currently Amended) The [[identity based service]] system of Claim 2, wherein
the core service is associated with one or more core service providers.

6. (Currently Amended) The [[identity based service]] system of Claim 2, wherein
the core service comprises any of an authentication service, a profile service, an
alert service, a calendar service, an address book service and a wallet service.

7. (Currently Amended) The [[identity based service]] system of Claim 1, wherein
the basic authentication agency further comprises means for translating
namespaces, such that a user identity of [[a principal]] the first entity in a first
namespace is translatable to a user identity in a second namespace.

8. (Currently Amended) The [[identity based service]] system of Claim 7, wherein
the user identity in the second namespace is encrypted.

9. (Currently Amended) The [[identity based service]] system of Claim 7, wherein
the user identity in the second namespace is time-bound.

10. (Currently Amended) The [[identity based service]] system of Claim 1, wherein
a user identity is associated with the first entity, and wherein the system further
comprises [[comprising]]:

at least one core authentication record associated with the user identity,
comprising any of services and links associated with the user identity.

11. (Currently Amended) An [[identity based service]] system, comprising:

[[a basic]] an authentication agency for [[managing an identity for a user]]
authenticating at least one first entity comprising any of a user, a user agent and
a principal, and for sending assertions to the first entities; and

at least one second entity comprising

means for receiving the assertions from the first entities,

means for authenticating the first entities at the second entity with
the received assertions,

means for sending requests for service on behalf of the first entities
to any of the authentication agency and a discovery service associated
with the authentication agency, using the received authentication
information from said first entities,

means for [[discovering a service descriptor for the user, based on a
received user identifier and a service name]] receiving authorizations sent
from the [[basic]] authentication agency in response to the sent requests if
the first entities are enabled for the requested services; and

[[whereby at least one web]] means for invoking the requested
authorized services with the received authorizations [[service is accessible,
based upon the discovered service descriptor and the name identifier]].

12. (Currently Amended) The [[identity based service]] system of Claim 11, further
comprising:

a discovery module associated with the [[basic]] authentication agency and
adapted to receive a user identifier associated with the [[user]] first entity and a
service name known to the system.

13. (Currently Amended) The [[identity based service]] system of Claim 11, further
comprising:

at least one core service associated with the system and related to the
[[user]] first entity.

14. (Currently Amended) The [[identity based service]] system of Claim 13,
wherein the core service is accessible by the first entity [[user, based on a system
authentication of the principal at the basic authentication agency]].

15. (Currently Amended) The [[identity based service]] system of Claim 13,
wherein the core service is accessible by [[a system]] the second entity[[, based on
an authentication of the principal at the basic authentication agency]].

16. (Currently Amended) The [[identity based service]] system of Claim 13,
wherein the core service is associated with one or more core service providers.

17. (Currently Amended) The [[identity based service]] system of Claim 13,
wherein the core service comprises any of an authentication service, a profile
service, an alert service, a calendar service, an address book service and a
wallet service.

18. (Currently Amended) The [[identity based service]] system of Claim 11,
wherein the basic authentication agency further comprises means for translating
namespaces, such that a user identity of a [[principal]] first entity in a first
namespace is translatable to a user identity in a second namespace.

19. (Currently Amended) The [[identity based service]] system of Claim 18,
wherein the user identity in the second namespace is encrypted.

20. (Currently Amended) The [[identity based service]] system of Claim 18,
wherein the user identity in the second namespace is time-bound.

21. (Currently Amended) The [[identity based service]] system of Claim 11,
wherein an identity is associated with the first entity, and wherein the system
further comprises [[comprising]]:

at least one core authentication record associated with the identity,
comprising any of services and links associated with the identity.

22. (Currently Amended) The system of Claim 11, wherein the [[principal]] first
entity is located at a device linked to the [[identity based service]] system.

23. (Currently Amended) [[An identity based service]] A process, comprising the
steps of:

[[providing a basic]] sending a login request from a first entity to an
authentication agency [[for managing an identity for a user]], the first entity
comprising any of a user, a user agent and a principal;

receiving an assertion at the first entity from the authentication agency in
response to the log in request [[a user identifier associated with the user and a
service name known to the system]];

authenticating at a participant through the first entity with the received
assertion;

[[discovering]] sending a request for a service [[descriptor for]] on behalf of the
[[user, based on a received user identifier and a service name]] first entity from a
second entity comprising any of the participant and a service consumer
associated with the participant to any of the authentication agency and a
discovery service associated with the authentication agency, using the assertion;
and

[[controllably authenticating access to a]] sending an authorization from the
authentication agency to the second entity for the requested service in response
to the sent request if the principal is enabled for the requested service[[, based
upon the receipt of the discovered service descriptor and the name identifier]].

24. (Currently Amended) The process of Claim 23, further comprising the step
of:

establishing at least one core service associated with the system and
related to the [[user]] first entity.

25. (Currently Amended) The process of Claim 24, wherein the core service is
accessible by the first entity [[user, based on a system authentication of the
principal at the basic authentication agency]].

26. (Currently Amended) The process of Claim 24, wherein the core service is
accessible by the participant [[a system entity, based on an authentication of the
principal at the basic authentication agency]].

27. (Original) The process of Claim 24, wherein the core service is associated
with one or more core service providers.

28. (Currently Amended) The process of Claim 23, wherein the core service 
comprises any of an authentication service, a profile service, an alert service, a 
calendar service, an address book service and a wallet service. 

29. (Currently Amended) The process of Claim 23, further comprising the step
of:

translating namespaces, such that a user identity of a [[principal]] first entity
in a first namespace is translated to a user identity in a second namespace.

30. (Original) The process of Claim 29, further comprising the step of: 

encrypting the user identity in the second namespace. 

31. (Original) The process of Claim 29, wherein the user identity in the second
namespace is time-bound.

32. (Currently Amended) The process of Claim 23, further comprising the [[step]]
steps of:

establishing at least one identity associated with the first entity; and

associating at least one core authentication record with the established
identity, comprising any of services and links associated with the established
identity.

33. (Currently Amended) A process, comprising the steps of:

providing [[a basic]] an authentication agency networked to a service having

establishing an identity at the [[basic]] authentication agency for a [[principal]]
first entity comprising any of a user, a user agent and a principal[[, comprising
information and a name identifier for a user]];

sending authentication information from the authentication agency to the
first entity;

authenticating the first entity at a participant with the authentication
information;

sending a request for a service on behalf of the principal from a second
entity comprising any of the participant and a service consumer associated with
the participant to any of the authentication agency and a discovery service
associated with the authentication agency;

sending an authorization from the authentication agency to the second
entity to access the service on behalf of the first entity if the first entity is enabled
for the service by the authentication agency; and

establishing a link between the [[principal]] second entity and the service [[by
the basic authentication agency]], based upon [[a receipt of a user identifier and a
service name]] the authorization.

34. (New) The process of Claim 33, wherein the second entity comprises any of 
a network site, a service provider and a store. 

35. (New) The process of Claim 33, wherein the authorization comprises a
service descriptor and a service assertion, wherein the service descriptor
comprises means for locating the requested service and wherein the service
assertion comprises a credential to establish the link.

36. (New) The system of Claim 1, further comprising:

means for invoking the requested service through the second entity using
the authorization.

37. (New) The system of Claim 1, wherein the participant comprises any of a
network site, a service provider and a store.

38. (New) The system of Claim 1, wherein the request for service comprises a
service descriptor and a service assertion, wherein the service descriptor
comprises means for locating the requested service, and wherein the service
assertion comprises a credential to access the requested service.

39. (New) The system of Claim 1, wherein at least one identity is associated
with the first entity, comprising any of a personal identity, a business identity and
an anonymous identity.

40. (New) The system of Claim 11, wherein the second entity comprises any of
a network site, a service provider and a store.

41. (New) The system of Claim 11, wherein the authorizations comprise a
service descriptor and a service assertion, wherein the service descriptor
comprises means for locating the requested service, and wherein the service
assertion comprises a credential to access the requested service.

42. (New) The system of Claim 11, wherein at least one identity is associated
with the first entity, comprising any of a personal identity, a business identity and
an anonymous identity.

43. (New) The process of Claim 23, further comprising the step of: 

invoking the requested service through the second entity using the 
authorization. 

44. (New) The process of Claim 23, wherein the participant comprises any of a
network site, a service provider and a store.

45. (New) The process of Claim 23, wherein the authorization comprises a
service descriptor and a service assertion, wherein the service descriptor
comprises means for locating the requested service and wherein the service
assertion comprises a credential to invoke the requested service.

46. (New) The process of Claim 23, wherein at least one identity is associated
with the first entity, comprising any of a personal identity, a business identity and
an anonymous identity.